Μοντέλα ελέγχου πρόσβασης βασισμένα σε ρόλους (RBAC) : υλοποίηση με ενσωμάτωση χρονικών περιορισμών στο περιβάλλον των Windows

Abstract

The common requirement of all modern information systems is the protection of information during its distribution in them. Access control requires the existence of a series of mechanisms that ensure Integrity, Confidentiality and Authorization. In this thesis, we present the Basic Principles of Information Protection and the Basic Access Control Structures that ensure them (e.g. Access Control Matrixes, Access Control Lists – ACLs, Capability Lists) as well as a series of access control policies towards the same direction. Specifically, we present models such as the Discretionary Access Control (DAC), the Mandatory Access Control (MAC), the Bell – LaPadula Model, Biba’s Model, the Chinese Wall Security Policy, the Harrison-Ruzzo-Ullman model, the Clark Wilson model and the Domain – Type Enforcement model. Special emphasis is given to the Role Based Access Control Model (RBAC). The four main components of the basic model (Core RBAC, Hierarchical RBAC, Constrained RBAC, Symmetric RBAC) are analyzed along with four of its extensions: Temporal Role Based Access Control (TRBAC), Generalized – Temporal Role Based Access Control (GTRBAC), Generalized Role-Based Access Control (GRBAC) and Quality of Service Role Based Access Control (QRBAC). Finally, we present the implementation and functionality of an application which implements the core RBAC model along with some components of TRBAC and GTRBAC extensions. The user-friendly interface highlights the advantages of RBAC even in a small, autonomous local computing system. The application is about the administration of access rights in a computer that is employed in school environment. Of course, after some minor parameter adjustment, it can also be incorporated into other local computing systems that have the same or similar requirements.